| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Darren Duncan <darren(at)darrenduncan(dot)net>, John R Pierce <pierce(at)hogranch(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Successor of MD5 authentication, let's use SCRAM |
| Date: | 2012-10-13 15:45:13 |
| Message-ID: | 20121013154513.GK29165@tamriel.snowman.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Andrew Dunstan (andrew(at)dunslane(dot)net) wrote:
> Does Debian they create a self-signed certificate? If so, count me
> as unimpressed. I'd argue that's worse than doing nothing. Here's
> what the docs say (rightly) about such certificates:
Self-signed certificates do provide for in-transit encryption. I agree
that they don't provide a guarantee of the remote side being who you
think it is, but setting up a MITA attack is more difficult than
eavesdropping on a connection and more likely to be noticed.
You can, of course, set up your own CA and sign certs off of it under
Debian as well. Unfortunately, most end users aren't going to do that.
Many of those same do benefit from at least having an encrypted
connection when it's all done for them.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim Nasby | 2012-10-13 15:54:46 | Optimizer regression |
| Previous Message | Bruce Momjian | 2012-10-13 15:17:32 | Re: Adding comments for system table/column names |